virus logo Threat Signal Report

Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability

What is the Vulnerability?

CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES cryptographic key values in the product’s implementation, degrading encryption security and enabling unauthorized access to sensitive resources when exposed publicly.

Active exploitation of this weakness has been observed in the wild, where threat actors chain it with other vulnerabilities to extract configuration files and potentially achieve unauthorized code execution.

What is the recommended Mitigation?

  • Update/ Patch:
    - Upgrade all affected Gladinet CentreStack and Triofox deployments to 16.12.10420.56791 or later.
    Hardening the CentreStack Cluster – Gladinet
    Releases History - Triofox

  • Monitor & Hunt:
    - Analyze web server logs for Indicators of Compromise (IoCs) IoCs, including suspicious requests to /storage/filesvr.dn.
    - Look for unusual access patterns or unexpected file retrieval attempts.

  • Endpoint & Network Controls:
    - Restrict access to affected services from untrusted networks.
    - Use Web Application Firewalls (WAF) to filter malformed or unexpected HTTP requests.

  • Post-Compromise Response:
    - If compromise is confirmed, rotate cryptographic keys (e.g., ASP.NET machine keys) and credentials.
    - Investigate lateral movement and persistence mechanisms.

What FortiGuard Coverage is available?

  • FortiGuard IPS Service is available to detect and block exploit attempts targeting CVE-2025-14611. Intrusion Prevention | FortiGuard Labs

  • FortiGuard Web Filtering Service protects against malicious URLs, domains, IPs, and other attacker-controlled infrastructure associated with this campaign.

  • FortiAnalyzer, FortiSIEM, and FortiSOAR leverage known IoCs delivered through the Indicators of Compromise (IoC) Service to enhance threat hunting, detection, and automated response, strengthening investigation workflows and correlation against related threat activity. FortiGuard Labs continues to monitor for newly emerging IoCs to ensure proactive protection.

  • Organizations suspecting a compromise can contact the FortiGuard Incident Response team for rapid investigation and remediation support.

Additional Resources

Huntress Blog


Released Date Dec 16, 2025
Tags Threat Signal Vulnerability
CVE ID

Experienced a Breach? We're here to help

FortiGuard Incident Response Services
FortiGuard Incident Response Services
About FortiGuard Threat Signal

Learn More »